CVE-2017-8381
https://notcve.org/view.php?id=CVE-2017-8381
XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted .mkv file that is mishandled during the opening of a directory in "Browser" mode, because of a "User Mode Write AV near NULL" in XnView.exe. XnView Classic para Windows versión 2.40, permite que los atacantes remotos asistidos por el usuario ejecuten código por medio de un archivo .mkv especialmente diseñado que se maneja inapropiadamente durante la apertura de un directorio en el modo "Browser", debido a un "User Mode Write AV near NULL" en el archivo XnView.exe. • https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8381 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-9909
https://notcve.org/view.php?id=CVE-2017-9909
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlAddAccessAllowedAce+0x000000000000027a." XnView Classic para Windows en su versión 2.40 permite a un atacante remoto causar una denegación de servicio o posiblemente tener otro impacto no especificado mediante un archivo .fpx manipulado, relacionado a "Data from Faulting Address controls Branch Selection comenzado en ntdll_77df0000!RtlAddAccessAllowedAce+0x000000000000027a." • https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9909 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-10736
https://notcve.org/view.php?id=CVE-2017-10736
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at msvcrt!_VEC_memzero+0x000000000000006a." XnView Classic para Windows versión 2.40, permite a los atacantes ejecutar código arbitrario o causar una denegación de servicio por medio de un archivo .rle creado, relacionado a un "User Mode Write AV starting at msvcrt!_VEC_memzero+0x000000000000006a." • https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10736 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-10750
https://notcve.org/view.php?id=CVE-2017-10750
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV near NULL starting at ntdll_77df0000!RtlEnterCriticalSection+0x0000000000000012." XnView Classic para Windows versión 2.40, permite a los atacantes ejecutar código arbitrario o causar una denegación de servicio por medio de un archivo .rle creado, relacionado a un "User Mode Write AV near NULL starting at ntdll_77df0000!RtlEnterCriticalSection+0x0000000000000012." • https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10750 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-10771
https://notcve.org/view.php?id=CVE-2017-10771
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCreateSplitBlock+0x0000000000000510." XnView Classic para Windows versión 2.40, podría permitir a los atacantes causar una denegación de servicio o posiblemente tener otro impacto no especificado por medio de un archivo .rle creado, relacionado a "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCreateSplitBlock+0x0000000000000510". • https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10771 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •